twenty
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `curl` to interact with the Twenty CRM REST and GraphQL APIs. These operations are restricted to the CRM's functional scope (managing contacts, companies, notes, and tasks).
- [DATA_EXPOSURE]: Credentials and configuration are managed via `vm0_secrets` (`TWENTY_TOKEN`) and `vm0_vars` (`TWENTY_API_URL`). The commands use `printenv` to safely interpolate these values into `curl` headers, which is a standard and secure practice for credential management in this environment.
- [COMMAND_EXECUTION]: The skill writes temporary JSON payloads to `/tmp/twenty_request.json`. This is used to structure data for POST and PATCH requests before sending them via `curl`. This is a local file operation within the agent's temporary workspace.
Audit Metadata